1. Field of the Invention
The present invention generally relates to the control of access to a system and, more particularly, to role based access control.
2. Background of the Invention
Role based access control (RBAC), which is also referred to as role based security, is commonly used to secure access to critical resources within an organization. For example, roles are created for the various job functions within the organization, and permissions to perform certain operations are assigned to one or more of the roles that have been created. Users are also assigned to one or more of the roles and, through those role assignments, acquire the permissions to access information and perform operations within the system.
Since the users are not assigned permissions directly, but only acquire permissions through their assigned role (or roles), management of individual user rights becomes a matter of assigning the appropriate role or roles to each user. Common operations, such as adding users or changing permissions for groups of users, thus can be performed in a relatively simple manner.
The derivation of RBAC policies and roles is typically performed by an operator manually parsing operation and maintenance (O&M) scripts to retrieve verb-switches that are required to define a policy or role. The number of verb-switches that are required can number in the tens or even hundreds, and human errors often occur during the parsing process. For example, an incorrect verb-switch may be parsed, or attributes corresponding to a particular verb-switch may be accidentally missed. When errors occur, gaps in security can result, thereby increasing the risk of security breaches.
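The following is an added illustration, not code from the patent: it models the RBAC relationships described above (users acquire permissions only through roles, where a permission is a verb together with its switches), derives the verb-switches from a constructed O&M script, and reconciles a hand-derived role against that script so that an accidentally missed switch is detected rather than silently becoming a policy gap. The script format (one command per line, any token beginning with `-` is a switch) is an assumption made for this example.

```python
import shlex

# Constructed O&M script, not taken from the patent; one command per line,
# and any token beginning with '-' is treated as a switch (an assumption).
SAMPLE_SCRIPT = """
# nightly maintenance (constructed sample)
backup -f --all
restart -s svc
cleanup -p /tmp --dry-run
"""

def parse_verb_switches(script):
    """Return the set of (verb, frozenset(switches)) pairs the script uses."""
    perms = set()
    for line in script.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments
        tokens = shlex.split(line)
        perms.add((tokens[0], frozenset(t for t in tokens[1:] if t.startswith("-"))))
    return perms

class Rbac:
    """Users hold no permissions directly; they acquire them only through roles."""
    def __init__(self):
        self.role_perms = {}   # role -> set of (verb, switches)
        self.user_roles = {}   # user -> set of roles
    def grant(self, role, perm):
        self.role_perms.setdefault(role, set()).add(perm)
    def assign(self, user, role):
        self.user_roles.setdefault(user, set()).add(role)
    def allowed(self, user, verb, switches):
        wanted = (verb, frozenset(switches))
        return any(wanted in self.role_perms.get(r, set())
                   for r in self.user_roles.get(user, set()))

def missed_verb_switches(script, rbac, role):
    """Verb-switches the script uses that a hand-derived role omits: the parsing gap."""
    return parse_verb_switches(script) - rbac.role_perms.get(role, set())

def build_demo():
    """Hand-derived 'maintainer' role in which cleanup's '-p' switch was missed."""
    rbac = Rbac()
    rbac.grant("maintainer", ("backup", frozenset({"-f", "--all"})))
    rbac.grant("maintainer", ("restart", frozenset({"-s"})))
    rbac.grant("maintainer", ("cleanup", frozenset({"--dry-run"})))
    rbac.assign("alice", "maintainer")  # bob gets no role, so no permissions
    return rbac, missed_verb_switches(SAMPLE_SCRIPT, rbac, "maintainer")
```

Running `build_demo()` returns the policy together with the one verb-switch the operator missed, which is the kind of discrepancy an automated reconciliation step can surface before it reaches production.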